diff --git a/.github/workflows/reusable-claude-review.yml b/.github/workflows/reusable-claude-review.yml index a143e2d..374d666 100644 --- a/.github/workflows/reusable-claude-review.yml +++ b/.github/workflows/reusable-claude-review.yml @@ -109,23 +109,29 @@ jobs: client-id: ${{ inputs.azure_client_id }} tenant-id: ${{ inputs.azure_tenant_id }} subscription-id: ${{ inputs.azure_subscription_id }} + enable-AzPSSession: true - name: Fetch Claude OAuth token from Azure Key Vault id: keyvault + uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0 env: AZURE_KEY_VAULT_NAME: ${{ inputs.azure_key_vault_name }} CLAUDE_SECRET_NAME: ${{ inputs.claude_secret_name }} - run: | - set -euo pipefail + with: + azPSVersion: latest + inlineScript: | + $ErrorActionPreference = "Stop" - claude_token="$(az keyvault secret show --vault-name "${AZURE_KEY_VAULT_NAME}" --name "${CLAUDE_SECRET_NAME}" --query value -o tsv)" - if [ -z "${claude_token}" ]; then - echo "Failed to read Claude token from Azure Key Vault secret '${CLAUDE_SECRET_NAME}'." - exit 1 - fi + $vaultName = $env:AZURE_KEY_VAULT_NAME + $secretName = $env:CLAUDE_SECRET_NAME + $claudeToken = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText + + if ([string]::IsNullOrWhiteSpace($claudeToken)) { + throw "Failed to read Claude token from Azure Key Vault secret '$secretName'." + } - echo "::add-mask::${claude_token}" - echo "claude_code_oauth_token=${claude_token}" >> "${GITHUB_OUTPUT}" + Write-Output "::add-mask::$claudeToken" + "claude_code_oauth_token=$claudeToken" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append - name: Resolve pull request metadata id: pr diff --git a/.github/workflows/reusable-opencode-review.yml b/.github/workflows/reusable-opencode-review.yml index d480260..3c7c62c 100644 --- a/.github/workflows/reusable-opencode-review.yml +++ b/.github/workflows/reusable-opencode-review.yml 
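Review bot: `azPSVersion: latest` leaves the Az module version floating in the step that reads the Claude token, even though the action itself is pinned to a commit SHA on the `uses:` line. Whichever Az release is resolved at run time is the code that handles the plaintext secret, and it can change without any change in this repository. Consider pinning a reviewed version and bumping it deliberately, e.g. `azPSVersion: "<PINNED_AZ_VERSION>"` (placeholder, not a real version). The same setting appears in the keyvault step of reusable-opencode-review.yml.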
@@ -180,23 +180,29 @@ jobs: client-id: ${{ inputs.azure_client_id }} tenant-id: ${{ inputs.azure_tenant_id }} subscription-id: ${{ inputs.azure_subscription_id }} + enable-AzPSSession: true - name: Fetch OpenCode model key from Azure Key Vault id: keyvault + uses: azure/powershell@53dd145408794f7e80f97cfcca04155c85234709 # v2.0.0 env: AZURE_KEY_VAULT_NAME: ${{ inputs.azure_key_vault_name }} ZHIPU_SECRET_NAME: ${{ inputs.zhipu_secret_name }} - run: | - set -euo pipefail + with: + azPSVersion: latest + inlineScript: | + $ErrorActionPreference = "Stop" - zhipu_api_key="$(az keyvault secret show --vault-name "${AZURE_KEY_VAULT_NAME}" --name "${ZHIPU_SECRET_NAME}" --query value -o tsv)" - if [ -z "${zhipu_api_key}" ]; then - echo "Failed to read OpenCode API key from Azure Key Vault secret '${ZHIPU_SECRET_NAME}'." - exit 1 - fi + $vaultName = $env:AZURE_KEY_VAULT_NAME + $secretName = $env:ZHIPU_SECRET_NAME + $zhipuApiKey = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText + + if ([string]::IsNullOrWhiteSpace($zhipuApiKey)) { + throw "Failed to read OpenCode API key from Azure Key Vault secret '$secretName'." + } - echo "::add-mask::${zhipu_api_key}" - echo "zhipu_api_key=${zhipu_api_key}" >> "${GITHUB_OUTPUT}" + Write-Output "::add-mask::$zhipuApiKey" + "zhipu_api_key=$zhipuApiKey" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append - name: Resolve pull request metadata id: pr
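Review bot: The fetched value goes to the `::add-mask::` command and to `$env:GITHUB_OUTPUT` exactly as Key Vault returns it, so a line break inside the stored secret is not handled. In that case `::add-mask::` would register only the first line, and the `zhipu_api_key=...` entry would spill onto further lines of the output file. The removed bash version dropped trailing newlines through `$(...)`, whereas the PowerShell string keeps them. A guard before the `Write-Output` line would fail closed, e.g. `if ($zhipuApiKey -match '[\r\n]') { throw "Secret '$secretName' contains a line break." }`. The same applies to `$claudeToken` in reusable-claude-review.yml.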